shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 04:40:31 +09:00
Code Issues Packages Projects Releases Wiki Activity
4,250 Commits 12 Branches 62 Tags
fded1fb9eb672f9946fafbb43bfe1e8121e812d9
Commit Graph

4250 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andreas Schneider
fded1fb9eb channels: Don't call ssh_channel_close() twice 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6cd8d4a24a)
 2018-12-13 21:30:35 +01:00
Anderson Toshiyuki Sasaki
a6e055c42b packet: Allow SSH2_MSG_EXT_INFO when authenticated 
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO.  This
message was being filtered out by the packet filtering.  This includes a
test to enforce the filtering rules for this packet type.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fe309ba43f)
 2018-12-10 17:50:27 +01:00
Andreas Schneider
32221ea9fb channels: Send close if we received a remote close 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c3067f8e73)
 2018-12-10 17:50:22 +01:00
Andreas Schneider
917ba07478 channels: Reformat ssh_channel_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1d5b222cc4)
 2018-12-10 17:50:19 +01:00
Andreas Schneider
bcdbc11732 channel: Add SSH_CHANNEL_FLAG_CLOSED_LOCAL 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 13b9d268d4)
 2018-12-10 17:50:17 +01:00
Andreas Schneider
79289dc506 channel: Reformat ssh_channel_close() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0ba10870d1)
 2018-12-10 17:50:14 +01:00
Andreas Schneider
45172a70fa sftp: Do not overwrite errors set by channel functions 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 3784226fd8)
 2018-11-30 18:57:39 +01:00
Anderson Toshiyuki Sasaki
7b0c80b475 tests: Test calling ssh_init() after ssh_finalize() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c413834764)
 2018-11-30 18:57:39 +01:00
Anderson Toshiyuki Sasaki
d5bc9a1ace libcrypto: Fix access violation in ssh_init() 
This fixes an access violation when ssh_init() was called after
ssh_finalize() in Windows when using OpenSSL 1.0.2 and libssh statically
linked.

Fixes T120

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 41b0d263d6)
 2018-11-30 18:57:39 +01:00
Jakub Jelen
80d3e10b47 tests: Verify that signatures are sane and can not be verified by non-matching key 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 130256c348)
 2018-11-30 18:57:39 +01:00
Jakub Jelen
455d495c74 pki: Sanitize input to verification 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b72c9eead6)
 2018-11-30 18:57:39 +01:00
Jakub Jelen
b1bae1d90f pki: Return default RSA key type for DIGEST_AUTO 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c7628fbfea)
 2018-11-30 18:57:39 +01:00
Jakub Jelen
ad4f1dbea0 pki: Verify the provided public key has expected type 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 783e5fd206)
 2018-11-30 18:57:39 +01:00
Jakub Jelen
5ffe695c3c pki: Sanity-check signature matches base key type 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c79c33e224)
 2018-11-30 18:57:39 +01:00
Jakub Jelen
230a437288 tests: Do not require base RSA type for SHA2 extension whitelist 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 968fdf4e18)
 2018-11-30 18:57:38 +01:00
Jakub Jelen
1df272c3cc packet_cb: Properly verify the signature type 
Issue reported by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bc91fa98ea)
 2018-11-30 18:57:38 +01:00
Jakub Jelen
c3a57fe2dc pki: Separate signature extraction and verification 
Initial solution proposed by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d2434c69c0)
 2018-11-30 18:57:38 +01:00
Jakub Jelen
a238df2436 pki: Set correct type for imported signatures 
Issue reported by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7f83a1efae)
 2018-11-30 18:57:38 +01:00
Jakub Jelen
f5e8fa5c5f pki: Use self-explanatory variable names 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7b725e6bc7)
 2018-11-30 18:57:38 +01:00
Jakub Jelen
0a07266d9c The largest ECDSA key has 521 bits 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 46d8840f7e)
 2018-11-30 18:57:38 +01:00
Jakub Jelen
953eae880f pki_gcrypt: Do not abort on bad signature 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c1fdb56d23)
 2018-11-30 18:57:38 +01:00
Jakub Jelen
1d5215a5af server: Do not send SSH_MSG_EXT_INFO after rekey 
This should not be a problem for well-behaving clients that do not
append the ext-info-c to the rekey, but if they do, we should not
send it either.

Resolves: T121

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:31:53 +01:00
Jakub Jelen
2d06a83b82 kex: Do not negotiate extensions during rekey 
The RFC 8308 clearly says, that the additional  ext-info-c  should
be added only to the first SSH_MSG_KEXINIT.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:31:51 +01:00
Jakub Jelen
fd844cac6d tests: Verify setting NULL knownhosts does not crash 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:31:29 +01:00
Jakub Jelen
a106a00e0d options: Do not crash when setting knownhosts to NULL (T108) 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:31:26 +01:00
Aris Adamantiadis
d8372c3063 gcrypt: Bugfix for very slow ecdh 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9546b20dec)
 2018-11-21 16:55:19 +01:00
Tilo Eckert
946210534e socket: Add missing braces 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b227c12ad2)
 2018-11-21 12:27:01 +01:00
Tilo Eckert
fe0331cf40 socket: Remove redundant code 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f369d02932)
 2018-11-20 08:46:46 +01:00
Tilo Eckert
709c48eab6 socket: Fix potential buffer overrun 
If nread is < 0 and no exception callback is set,
the following code block would cause a buffer overrun.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0b9e07fbdc)
 2018-11-20 08:46:44 +01:00
Tilo Eckert
3d56bdae37 pki: Fix typos in documentation 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c47cdc0f97)
 2018-11-20 08:46:43 +01:00
Tilo Eckert
8b4de1c477 packet: Fix timeout on hostkey type mismatch instead of proper error 
If the hostkey type was not in the list of acceptable hostkey
types, the function failed to set the error state. Due to the
fact that the calling function ssh_packet_process() does not
handle the SSH_ERROR return code, the newkeys packet from the
server was silently ignored, stalling the connection until a
timeout occurred.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4b6eb05023)
 2018-11-20 08:46:41 +01:00
Nicolas Viennot
906f63ba97 packets: Fix ssh_send_keepalive() 
ssh_send_keepalive() should use global_request() to properly configure
the state machine for packet filtering.

Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 59ada799d7)
 2018-11-20 07:55:43 +01:00
Andreas Schneider
26ea4f059a COPYING: Reformat the last paragraph 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bb5d46c190)
 2018-11-20 07:55:42 +01:00
Andreas Schneider
3b46198c42 tests: Fix chroot_wrapper location 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aa56b8ca53)
 2018-11-15 16:36:21 +01:00
Sanne Raymaekers
3de34944ad tests: Ensure the ssh session fd is read-/writeable in torture_proxycommand 
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 03c30e9c8a)
 2018-11-15 16:35:43 +01:00
Sanne Raymaekers
69cb3c5835 knownhosts: Take StrictHostKeyChecking option into account 
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 67f418218b)
 2018-11-08 20:12:47 +01:00
Rosen Penev
5102b16cf1 crypto: Fix compilation for OpenSSL without deprecated APIs 
Added missing bn.h include.

Made engine.h include conditional, otherwise it would fail.

DSA_generate_parameters was deprecated long before 1.1.0.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 61cac32288)
 2018-11-08 09:32:42 +01:00
Christophe Giboudeaux
dc071dc6cf cmake: Refresh the CMake Config files 
This commit fixes a couple issues in the CMake configuration files and uses
native features from CMake:

* libssh-build-tree-settings.cmake is deleted. There was a typo that made
this file unusable, anyway.
* use the macros available in CMakePackageConfigHelpers.cmake to generate
the version file and check that the files exist
* Remove the LIBSSH_THREADS_LIBRARY variable, it used the non-existent
  LIBSSH_THREADS_LIBRARY_NAME variable.
* Fix the in tree build. libssh can be used uninstalled again.

Test plan:
The values were tested after installing the new files and also without running
'make install'.

Signed-off-by: Christophe Giboudeaux <christophe@krop.fr>
(cherry picked from commit aa899f8ec0)
 2018-11-06 14:02:33 +01:00
Jakub Jelen
a8d4fbaccb tests: Improve error reporting in auth test 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7e44ce1556)
 2018-11-02 11:43:17 +01:00
Jakub Jelen
56b7d2da4d tests: Typo -- the flags should be checked according to the comment 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5fc4d5b22a)
 2018-11-02 11:43:09 +01:00
Jakub Jelen
a4b99eedf2 knownhosts: Make sure we have both knownhosts files ready 
If either one is missing at this point, fill it with default vaules in
ssh_options_apply().

Previously, when setting up only knownhosts, global_knownhosts file
was left pointing to NULL and the ssh_known_hosts_read_entries()
was trying to open NULL file which is invalid.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5159cd96e8)
 2018-11-02 11:43:04 +01:00
Jakub Jelen
8a8498b586 client: Reformat comment 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 35c417312c)
 2018-11-02 11:42:52 +01:00
Jakub Jelen
44b32e940e tests/pkd: Properly clean up memory 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e1a8b359c1)
 2018-11-02 11:42:50 +01:00
Jakub Jelen
059079581a session: Drop unused structure member (SSHv1) 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c8519c435e)
 2018-11-02 11:42:48 +01:00
Jakub Jelen
f11be32e11 misc: Properly check for errors returned from getpwuid_r() 
Resolves: T118

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d85bc347d3)
 2018-11-02 11:42:42 +01:00
Jakub Jelen
a9be4ab73e misc: Reformat ssh_get_user_home_dir and ssh_file_readaccess_ok 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9c4baa7fd5)
 2018-11-02 11:42:39 +01:00
Andreas Schneider
273fb4cfc6 Bump version to 0.8.5 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
libssh-0.8.5 		2018-10-29 10:50:51 +01:00
Andreas Schneider
56f7c27852 Bump SO version to 4.7.2 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a4342b97d6)
 2018-10-29 09:34:09 +01:00
Mike Frysinger
1285b37b60 doc: fix up various typos and trailing whitespace 
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 963c3077a4)
 2018-10-28 14:31:12 +01:00
Andreas Schneider
b7de358cdc libcrypto: Fix memory leak in evp_final() 
Fixes T116

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a280747462)
 2018-10-28 14:31:09 +01:00